Lucene search
K
IbmMost viewed

35692 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 4:3 p.m.53 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by a arbitrary code execution in OpenSSH server [CVE-2024-6387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by arbitrary code execution in OpenSSH server, caused by a signal handler race condition CVE-2024-6387. Open SSH is a component of a glibc library that is included in our Speech Service Runtimes, but not actively...

8.1CVSS8.4AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/08 9:24 a.m.53 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control

Summary Node.js is vulnerable to remote attacker to obtain sensitive information, denial of service, HTTP request smuggling and allow a local authenticated attacker to gain elevated privileges on the system. These vulnerabilities affect IBM Spectrum Control. CVE-2024-27983, CVE-2024-22019,...

8.2CVSS9AI score0.87211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/21 3:45 p.m.53 views

Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System

Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...

8.8CVSS9AI score0.04322EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 8:47 p.m.53 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Vulnerability Details CVEID:CVE-2024-37532 DESCRIPTION: IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. CVSS Base score: 8.8 CVSS Tempora...

8.8CVSS8.3AI score0.00353EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 11:59 a.m.53 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticate...

7.5CVSS8AI score0.01421EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/24 2:17 p.m.53 views

Security Bulletin: Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1

Summary Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing...

8.6CVSS8.7AI score0.36081EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 8:36 a.m.53 views

Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2023-31582, CVE-2023-51775)

Summary The Jose4j library is vulnerable to a denial of service, caused by improper input validation. It could also allow a remote attacker to obtain sensitive information using cryptographic attacks. Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to...

7.5CVSS7.8AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/26 2:47 p.m.53 views

Security Bulletin: IBM MQ Appliance is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2024-20952 and CVE-2023-33850)

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped in IBM MQ Appliance. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...

7.5CVSS7.5AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/17 3:56 p.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-24795, CVE-2023-38709)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

7.3CVSS6.8AI score0.03914EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 5:44 p.m.53 views

Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.

Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2013-2115, CVE-2013-4316, CVE-2014-0112, CVE-2014-0113, CVE-2015-5209, CVE-2016-3082, CVE-2016-4436, CVE-2017-12611, CVE-2019-0230, CVE-2019-0233, CVE-2020-17530, CVE-2021-31805,...

10CVSS10AI score0.98094EPSS
Exploits93Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 1:12 p.m.53 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.26 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a...

7.5CVSS9.2AI score0.70595EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/29 10:45 a.m.53 views

Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining WS-2023-0429

Summary There is a vulnerability in Enterprise Security API for Java that could allow an remote attacker to steal cookie-based authentication credentials on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...

7.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:12 p.m.53 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...

9.8CVSS9.2AI score0.04561EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 5:25 p.m.53 views

Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a special...

7.5CVSS7.8AI score0.23072EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/20 6:36 p.m.53 views

Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...

9.8CVSS9.8AI score0.19753EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:52 p.m.53 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 267 Vulnerability Details CVEID:CVE-2024-20919 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause hi...

7.5CVSS8.3AI score0.00857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/13 2:29 p.m.53 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-43642

Summary snappy-java is used by the IBM Datapower Operations Dashboard as a compressor/decompressor for Java Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted...

7.5CVSS7.3AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/28 5:18 p.m.53 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1 Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing to clean the buffer used to store...

8.7CVSS9.7AI score0.76875EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/15 7:37 p.m.53 views

Security Bulletin: IBM Copy Services manager is affected by IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676

Summary IBM Copy Services Manager is affected by All applicable Java SE CVEs published by Oracle as part of their October 2023 Critical Patch Update plus CVE-2023-5676. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

5.9CVSS6.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/15 8:18 a.m.53 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability

Summary IBM Engineering Lifecycle Optimization - Publishing jQuery and jQuery.min found vulnerable Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remot...

6.9CVSS6.5AI score0.99019EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/02 2:15 p.m.53 views

Security Bulletin: App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.14 LTS and 11.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.8CVSS9.5AI score0.03869EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/13 9:51 p.m.53 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to multiple Eclipse Jetty vulnerabilities (CVE-2023-36478, CVE-2023-44487)

Summary IBM UrbanCode Deploy UCD is susceptible to multiple Eclipse Jetty denial of service vulnerabilities. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize...

7.5CVSS8AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/08 8:43 a.m.53 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)

Summary IBM Cloud Kubernetes Service is affected by security vulnerabilities in the Kubernetes API server that may allow a denial of service attack from unauthenticated clients CVE-2023-39325 and CVE-2023-44487. Vulnerability Details CVEID: CVE-2023-39325 Description: A malicious HTTP/2 client...

7.5CVSS8.1AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.53 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2019-6978, CVE-2019-6977)

Summary The following vulnerabilities in PHP have been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2019-6978 DESCRIPTION: The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c...

9.8CVSS0.7AI score0.65116EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.53 views

Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in OpenSSL (CVE-2019-1559)

Summary IBM Flex System switch firmware products have addressed the following OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after t...

5.9CVSS0.7AI score0.17139EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.53 views

Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0732)

Summary IBM Flex System switch firmware products have addressed the following vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server durin...

7.5CVSS0.4AI score0.49268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.53 views

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL (CVE-2018-0732 CVE-2018-0737)

Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server durin...

7.5CVSS1AI score0.49268EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 2:7 p.m.53 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. ...

7.5CVSS8.4AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/07 11:23 p.m.53 views

Security Bulletin: IBM i is vulnerable to a local privilege escalation due to flaws in Management Central (CVE-2023-40685, CVE-2023-40686).

Summary IBM i is vulnerable to a local privilege escalation due to flaws in a Management Central as described in the vulnerability details section. The vulnerabilities exist even when Management Central is not being used for systems management tasks. IBM i has addressed the vulnerabilities with...

7.8CVSS7.2AI score0.0015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/06 9:21 p.m.53 views

Security Bulletin: Vulnerability in SANNav software and FOS firmware used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal, Global View, and FOS firmware for IBM b-type products are vulnerable due to an OpenSSL issue. The vulnerability has been addressed and can be resolved by applying the SANnav and FOS code levels listed below. Vulnerability Details CVEID: CVE-2022-2068...

10CVSS7.6AI score0.95764EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 11:23 a.m.53 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass

Summary Node.js is used by IBM App Connect Enterprise Certified Container for running integration code. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability in Node.js...

9.8CVSS6.4AI score0.01484EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/09 11:0 a.m.53 views

Security Bulletin: Vulnerability in Spring Session affects IBM Process Mining . CVE-2023-20866

Summary There is a vulnerability in Spring Session that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-20866...

6.5CVSS6.2AI score0.0066EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 10:32 a.m.53 views

Security Bulletin: OpenSource Apache Taglibs Vulnerability affects IBM Jazz Reporting Service (CVE-2015-0254)

Summary Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection XXE error when processing XML data. Vulnerability Details CVEID:CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to...

7.5CVSS9.5AI score0.1326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/30 4:29 a.m.53 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache MINA SSHD (CVE-2023-35887)

Summary Apache MINA SSHD is shipped with IBM Tivoli Netcool Impact as part of the Command Line Manager service. Information about a security vulnerability affecting Apache MINA SSHD has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Apache MINA SSHD...

5CVSS5.7AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/28 7:41 a.m.53 views

Security Bulletin: IBM Operational Decision Manager September 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-2253...

6.5CVSS7.3AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/13 9:34 a.m.53 views

Security Bulletin: Vulnerability in IBM Java affects DB2 Recovery Expert for Linux, Unix and Windows

Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of...

7.5CVSS7.4AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/11 4:44 p.m.53 views

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities (CVE-2023-21939, CVE-2023-21967, CVE-2022-29117, XFID: 234366)

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF19 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.19.0 CVE-2023-21939, CVE-2023-21967. The following 3rd party components used...

7.5CVSS7.6AI score0.04913EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 12:38 p.m.53 views

Security Bulletin: Vulnerabilities found in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center(CVE-2019-10202, CVE-2019-10172)

Summary Multiple vulnerabilities have been identified in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerabilit...

9.8CVSS8.9AI score0.17044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 11:22 a.m.53 views

Security Bulletin: CVE-2022-40609 may affect Java Technology Edition used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2022-40609 vulnerability in Java Technology Edition could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw by sending specially-crafted data. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Editi...

9.8CVSS8.9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 7:54 p.m.53 views

Security Bulletin: IBM TRIRIGA Application Platform discloses denial of service (CVE-2022-31129)

Summary Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...

7.5CVSS7.5AI score0.04923EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 8:41 p.m.53 views

Security Bulletin: IBM Security Directory Suite has multiple vulnerabilities [CVE-2022-33163 and CVE-2022-33168]

Summary The following vulnerabilties in IBM Security Directory Suite have been addressed. Please apply the fixes shown below. CVE-2022-33163 and CVE-2022-33168 Vulnerability Details CVEID:CVE-2022-33163 DESCRIPTION: IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critic...

8.1CVSS6.4AI score0.00765EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/19 8:13 p.m.53 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2023-28530, XFID: 212233, CVE-2022-24999, CVE-2023-28530, CVE-2023-25929)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4 FP2. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP7. Denial of Service DOS vulnerabilities have been addressed in Netplex json-smart-v2 CVE-2023-1370 , node.js d3-colo...

7.5CVSS8.2AI score0.14663EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/14 10:12 p.m.53 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)

Summary A denial of service vulnerability in netplex json-smart-v2 used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...

7.5CVSS7.7AI score0.01119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 5:54 a.m.53 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance

Summary Multiple security vulnerabilities for open source components used in IBM Security Verify Governance, Identity Manager - Virtual Appliance component have been addressed. Vulnerability Details CVEID:CVE-2020-7729 DESCRIPTION: Node.js grunt module could allow a remote authenticated attacker ...

9.8CVSS9.9AI score0.30367EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 10:55 p.m.53 views

Security Bulletin: This Power System update is being released to address CVE-2023-25683

Summary The PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC Vulnerability Details CVEID:CVE-2023-25683 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the...

7.5CVSS6.5AI score0.00626EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/16 7:23 p.m.53 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-1280, CVE-2023-0386, CVE-2022-4269, CVE-2022-2873, CVE-2022-4378)

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include gaining elevated privileges, obtaining sensitive information, causing the system to crash, and denial of service attack, as described by the CVEs in the "Vulnerability Details"...

7.8CVSS7.9AI score0.0788EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 7:28 p.m.53 views

Security Bulletin: Pallets Flask is vulnerable to CVE-2023-30861 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Pallets Flask which is vulnerable to CVE-2023-30861 Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a specially crafted...

7.5CVSS7.4AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/02 2:28 p.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2023. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS6AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 10:20 p.m.53 views

Security Bulletin: IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities

Summary IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...

7.8CVSS6.9AI score0.01048EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/24 1:34 p.m.53 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server SSRF CVE-2022-3172 Vulnerability Details CVEID: CVE-2022-3172 Description: Kubernetes kube-apiserver is vulnerable to...

8.2CVSS6.7AI score0.02464EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000